1. Field of the Invention
The present invention relates to a method utilized in a wireless communication system and a communication device thereof, and more particularly, to a method for improving security configuring mechanisms associated with a handover in a wireless communication system and a communication device thereof.
2. Description of the Prior Art
A long-term evolution (LTE) system, initiated by the third generation partnership project (3GPP), is now being regarded as a new radio interface and radio network architecture that provides a high data rate, low latency, packet optimization, and improved system capacity and coverage. In the LTE system, an evolved universal terrestrial radio access network (E-UTRAN) includes a plurality of evolved Node-Bs (eNBs) and communicates with a plurality of mobile stations, also referred to as user equipments (UEs).
A “mobility from E-UTRA” procedure is an inter-RAT (Radio Access Technology) handover procedure for a user equipment (UE) to hand over from the LTE system to another RAT, such as the UMTS (Universal Mobile Telecommunications System), GSM (Global System for Mobile communications), or GERAN (GSM/EDGE radio access network) Iu mode. The E-UTRAN initiates the mobility from E-UTRA procedure by sending a MobilityFromEUTRACommand message including a handover message of the target RAT system. For example, the handover message is a “HANDOVER TO UTRAN COMMAND” message if the target RAT system is the UMTS system.
Information security shall be applied for transmissions during and after the handover to avoid malicious intruders. In the LTE, UMTS, and GERAN Iu mode systems, ciphering and integrity protection are employed, whereas the GERAN (non-Iu mode) only applies ciphering. Furthermore, the LTE is a pure packet switched (PS) system, whereas the UMTS, GERAN and GERAN Iu mode systems are hybrid systems of PS and CS (Circuit Switched) service domains. Thus, a UE compatible with all the abovementioned systems includes:
security configuration of the LTE system (for EUTRAN) including a START, a CK (Cipher Key), an IK (Integrity Key), an eKSI (evolved Key Set Identifier), a NAS DL COUNT (Non Access Stratum Downlink COUNT), and a KASME (a key used between the UE and a mobility management entity);
security configuration of the UMTS (for UTRAN) and GERAN Iu mode systems including STARTCS/STARTPS, CKCS/CKPS, IKCS/IKPS, KSICS/KSIPS, and COUNTCS/COUNTPS; and
security configuration of the GERAN system including a GSM ciphering key (kc) and a GPRS (General Packet Radio Service) ciphering key (kc).
Due to the pure PS feature of the LTE system, a CS (Circuit Switched) fallback handover and a Single Radio Voice Call Continuity (SRVCC) handover are introduced allowing the LTE UE to access the CS service domain. The CS fallback handover enables the provisioning of voice and other CS-domain services by reuse of CS infrastructure of the UMTS or GSM system when the UE is served by EUTRAN. The SRVCC provides the UE with the ability to transit a voice call from the VoIP (Voice over Internet Protocol)/IMS (IP Multimedia Subsystem) packet domain to the CS domain.
As can be seen from the above, the UE transits from a single service domain system to a multi-service domain system when performing an inter-RAT handover from the LTE system to any of the other abovementioned RAT systems.
In the abovementioned handovers, e.g. the CS fallback and SRVCC handovers, and the procedures thereof, security configuring actions are not clearly specified for the UE. When the UE performs a handover from the E-UTRAN to the UTRAN, the UE needs to update its security configuration as follows: (1) setting START=0; (2) deriving (CK, IK) from the KASME and the NAS DL COUNT; (3) setting the KSI to eKSI. After the update, the UE uses the updated security configuration for transmission security with the UTRAN. However, the prior art does not specify which service domain the UE has to select for the security configuration update, so the UE can randomly select the service domain. As can be seen from the above, the UTRAN supports two service domains, for which the UE has the security configurations (STARTCS, CKCS, IKCS, KSICS) and (STARTPS, CKPS, IKPS, KSIPS). The UE may therefore select a service domain different from the one the UTRAN uses. For example, the UE selects (STARTCS, CKCS, IKCS, KSICS) for the update, whereas the UTRAN uses the security configuration of the PS service domain. This causes ciphering and integrity protection errors in transmissions during and after the handover, resulting in a connection break.
In short, when the UE performs a handover from the E-UTRAN (single service domain) to a multi-service domain system, the connection between the UE and the target network can be broken because the UE and the network apply the security configuration to different service domains.
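The domain mismatch described above can be reproduced in a small model. This is an added example, not part of the original document: the HMAC-SHA-256 key derivation and integrity tag are stand-ins for the 3GPP functions, and all key values, counts and function names are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class KeySet:            # one per service domain: (START, CK, IK, KSI)
    start: int
    ck: bytes
    ik: bytes
    ksi: int

def derive_ck_ik(k_asme, nas_dl_count):
    # Stand-in KDF (assumption): HMAC-SHA-256, not the 3GPP-specified function.
    out = hmac.new(k_asme, nas_dl_count.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:16], out[16:]

def handover_update(key_sets, domain, k_asme, nas_dl_count, eksi):
    # Steps (1)-(3) from the text, applied to ONE domain's key set.
    ck, ik = derive_ck_ik(k_asme, nas_dl_count)
    key_sets[domain] = KeySet(start=0, ck=ck, ik=ik, ksi=eksi)

def stale_key_sets():
    # Constructed pre-handover values left over from an earlier UTRAN session.
    return {"CS": KeySet(5, b"\x11" * 16, b"\x22" * 16, 1),
            "PS": KeySet(9, b"\x33" * 16, b"\x44" * 16, 2)}

def integrity_tag(ik, message):
    # Stand-in integrity algorithm (assumption): truncated HMAC-SHA-256.
    return hmac.new(ik, message, hashlib.sha256).digest()[:4]

def simulate_handover(ue_domain, network_domain):
    k_asme, nas_dl_count, eksi = bytes(range(32)), 7, 3   # constructed values
    ue, network = stale_key_sets(), stale_key_sets()
    handover_update(ue, ue_domain, k_asme, nas_dl_count, eksi)
    handover_update(network, network_domain, k_asme, nas_dl_count, eksi)
    # Traffic runs in the domain the network chose; each side protects it
    # with its own key set for that domain.
    message = b"constructed uplink message"
    tag = integrity_tag(ue[network_domain].ik, message)
    expected = integrity_tag(network[network_domain].ik, message)
    return hmac.compare_digest(tag, expected)

if __name__ == "__main__":
    for ue_domain in ("PS", "CS"):
        ok = simulate_handover(ue_domain, "PS")
        print(f"UE updates {ue_domain}, network uses PS: integrity check {'passes' if ok else 'fails'}")
```

When the UE updates the CS key set while the network uses PS, the UE's PS key set still holds the stale IK, so the integrity check fails even though both sides derived identical keys from the same KASME.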